[PULL 05/19] linux-user/mmap.c: fix integer underflow in target_mremap
From: Laurent Vivier
Subject: [PULL 05/19] linux-user/mmap.c: fix integer underflow in target_mremap
Date: Fri, 5 Jun 2020 13:46:46 +0200
From: Jonathan Marler <johnnymarler@gmail.com>
Fixes: https://bugs.launchpad.net/bugs/1876373
This code path in mmap occurs when a page size is decreased with mremap. When
a section of pages is shrunk, qemu calls mmap_reserve on the pages that were
released. However, it has the diff operation reversed, subtracting the larger
old_size from the smaller new_size. Instead, it should be subtracting the
smaller new_size from the larger old_size. You can also see in the previous
line of the change that this mmap_reserve call only occurs when old_size >
new_size.
Bug: https://bugs.launchpad.net/qemu/+bug/1876373
Signed-off-by: Jonathan Marler <johnnymarler@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200502161225.14346-1-johnnymarler@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/mmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index e37803379747..caab62909eb1 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -708,7 +708,7 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong
old_size,
if (prot == 0) {
host_addr = mremap(g2h(old_addr), old_size, new_size, flags);
if (host_addr != MAP_FAILED && reserved_va && old_size > new_size)
{
- mmap_reserve(old_addr + old_size, new_size - old_size);
+ mmap_reserve(old_addr + old_size, old_size - new_size);
}
} else {
errno = ENOMEM;
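Review bot: the first argument to mmap_reserve on the `+` line still looks off: when a mapping of old_size shrinks to new_size, the pages given back are [old_addr + new_size, old_addr + old_size), so the call should read `mmap_reserve(old_addr + new_size, old_size - new_size);`. As written, `old_addr + old_size` is the end of the old mapping, so the corrected length now reserves a range just past the mapping while the pages that were actually released stay unreserved. The length part of the fix is right: abi_ulong is unsigned and the guard `old_size > new_size` on the line above guarantees that the old `new_size - old_size` wrapped to a huge value.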
--
2.26.2
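Added example, not QEMU code: it models the shrink branch of target_mremap for a 32-bit guest (abi_ulong assumed to be uint32_t), shows the wrapped length the pre-patch subtraction produced, and adds a hypothetical range check of the kind a regression test for this path would want.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption for this example: a 32-bit guest, so abi_ulong is 32 bits
 * wide and unsigned, exactly the type that wrapped in the reported bug. */
typedef uint32_t abi_ulong;

/* Length as computed before the patch: with old_size > new_size the
 * unsigned subtraction wraps, turning a small shrink into ~4 GiB. */
abi_ulong buggy_release_len(abi_ulong old_size, abi_ulong new_size)
{
    return new_size - old_size;
}

/* Length as computed by the patched line. */
abi_ulong fixed_release_len(abi_ulong old_size, abi_ulong new_size)
{
    return old_size - new_size;
}

/* Hypothetical invariant check (not in QEMU): the range handed to
 * mmap_reserve() must lie entirely inside the original mapping
 * [old_addr, old_addr + old_size). 64-bit arithmetic keeps the end
 * computation itself from wrapping. */
bool release_range_within_mapping(abi_ulong old_addr, abi_ulong old_size,
                                  abi_ulong start, abi_ulong len)
{
    uint64_t map_end = (uint64_t)old_addr + old_size;
    uint64_t end = (uint64_t)start + len;
    return len != 0 && start >= old_addr && end <= map_end;
}

int main(void)
{
    /* Constructed sample: a 16 KiB mapping shrunk to 4 KiB. */
    abi_ulong old_addr = 0x40000000, old_size = 0x4000, new_size = 0x1000;
    abi_ulong len_bug = buggy_release_len(old_size, new_size);
    abi_ulong len_fix = fixed_release_len(old_size, new_size);

    printf("buggy length: 0x%08x\n", len_bug);   /* 0xffffd000 */
    printf("fixed length: 0x%08x\n", len_fix);   /* 0x00003000 */
    printf("released range inside mapping: %s\n",
           release_range_within_mapping(old_addr, old_size,
                                        old_addr + new_size, len_fix)
               ? "yes" : "no");
    return 0;
}
```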